How to secure DDP?


From what I know, I can connect Meteor A app to Meteor B app by using DDP.connect(url-for-B-app). Does that mean that any app can simply connect to B app by doing DDP.connect? How do I deny/allow connection? Is setting Content Security Policy enough?


You can secure DDP by:


  • Configure your firewall to only allow inbound traffic from certain IP ranges and on certain ports


  • You can get information about the connection inside of the method function etc.

this.connection will give you info you can use.
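
One way to act on this.connection, as an added example that is not part of the original answer: a wrapper that lets a method run only when the calling DDP client's address is in an allowlist. ALLOWED_CIDRS, inCidr and guardMethod are hypothetical names and the ranges are constructed sample values; this.connection and its clientAddress field are Meteor's.

```javascript
// Added example. ALLOWED_CIDRS, inCidr and guardMethod are hypothetical names;
// the ranges are constructed sample values.
const ALLOWED_CIDRS = ["10.0.0.0/8", "192.168.10.0/24"];

// Parse dotted IPv4 (also the IPv4-mapped form "::ffff:a.b.c.d") to a number.
function ipv4ToInt(ip) {
  const parts = String(ip).replace(/^::ffff:/i, "").split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True when ip falls inside cidr; anything unparsable is rejected.
function inCidr(ip, cidr) {
  const [base, bitsStr] = cidr.split("/");
  const bits = Number(bitsStr);
  const ipN = ipv4ToInt(ip);
  const baseN = ipv4ToInt(base);
  if (ipN === null || baseN === null || !(bits >= 0 && bits <= 32)) return false;
  const size = 2 ** (32 - bits);
  return Math.floor(ipN / size) === Math.floor(baseN / size);
}

// Wrap a method body so it runs only for DDP clients inside the allowlist.
function guardMethod(fn, cidrs = ALLOWED_CIDRS) {
  return function (...args) {
    const conn = this.connection;
    // this.connection is null when the method is invoked from server code
    // rather than by a DDP client; this example lets those calls through.
    const ok = conn === null ||
      Boolean(conn && cidrs.some((c) => inCidr(conn.clientAddress, c)));
    if (!ok) {
      // Inside Meteor throw Meteor.Error; plain Error keeps this standalone.
      const Err = typeof Meteor !== "undefined" ? Meteor.Error : Error;
      throw new Err("not-authorized");
    }
    return fn.apply(this, args);
  };
}

// In the B app's server code:
// Meteor.methods({ getReport: guardMethod(function (id) { /* ... */ }) });
```

When the B app sits behind a proxy, clientAddress only reports the real client if the HTTP_FORWARDED_COUNT environment variable is set to the number of proxies in front of it.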